ImageFolio Pro is a web-based image archive package that includes administrative support through a web interface. A vulnerability exists in versions of ImageFolio Pro prior to 2.27. A remote user with sufficient access to the web administration page may create a category with a maliciously constructed name. When the operation fails, the error message that is displayed includes a full file path. This path will likely contain the web root. An attacker may be able to use this information to launch further, better-informed attacks against the server.
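The disclosure pattern described above and its usual fix, as an added example that is not ImageFolio Pro code: a handler that echoes the raw OS error beside one that validates the category name and keeps path details in the server log. The function names, logger name, name policy and temporary directory standing in for the web root are all assumptions made for illustration.

```python
import logging, os, re, tempfile, uuid

log = logging.getLogger("gallery.admin")  # hypothetical logger name

# Assumed policy: letters, digits, space, underscore or hyphen, 1-64 chars.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}")

def create_category_leaky(root, name):
    """Behaviour the advisory describes: the raw OS error reaches the user."""
    try:
        os.mkdir(os.path.join(root, name))
        return "Category created."
    except OSError as exc:
        return f"Error: {exc}"  # str(exc) embeds the absolute path

def create_category_safe(root, name):
    """Validate first; on failure keep path details in the server log only."""
    if not SAFE_NAME.fullmatch(name):
        return "Invalid category name."
    try:
        os.mkdir(os.path.join(root, name))
        return "Category created."
    except OSError as exc:
        ref = uuid.uuid4().hex[:8]  # lets an admin match the report to the log
        log.error("category create failed ref=%s name=%r: %s", ref, name, exc)
        return f"Could not create category (reference {ref})."

def demo():
    """Run both handlers in a constructed temp directory (stand-in web root)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "dup"))  # force mkdir to fail on "dup"
        return {
            "root": root,
            "leaky": create_category_leaky(root, "dup"),
            "safe": create_category_safe(root, "dup"),
            "rejected": create_category_safe(root, "a/b"),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```
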